<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Userdata  extends CustomSecurity { 

	var $db; 
	var $id;
	var $progchamp;
	var $proggoalsc;
	var $points;
	var $teamID;
	var $hasteam;

	function Userdata($db){ 
          $this->db = $db; 
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $id, $progchamp, $proggoalsc, $points, $teamID, $hasteam
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($progchamp, $proggoalsc){ 
		escape_string($progchamp);
		escape_string($proggoalsc);
		date_default_timezone_set('Europe/Helsinki');		
		
		if (time() > mktime(14,46,0,6,22,2010)){
			return;
		}
		$userid = $_SESSION['user_id'];
		$statement = "INSERT INTO userdata (id, progchamp, proggoalsc) VALUES ($userid, '$progchamp', '$proggoalsc');";
		$results   = $this->db->query($statement);

		if($results){
			return true;
		}else{
			return false;
		}

	}//End add()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($champ, $gscr){ 
		escape_string($champ);
		escape_string($gscr);
		
		date_default_timezone_set('Europe/Helsinki');
		
		$preStatement = "progchamp = '$champ'";
		$plusStatement = ", proggoalsc = '$gscr'"; 
		if (time() > mktime(14,46,0,6,22,2010)){
			return;
		}
		if (time() > mktime(14,46,0,6,15,2010)){
			$plusStatement = '';
		}
		$statement = "UPDATE userdata SET ".$preStatement.$plusStatement."  WHERE id = ".$_SESSION['user_id'];
		$results   = $this->db->query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT id, progchamp, proggoalsc, points, teamID, hasteam FROM userdata";
		$results   = $this->db->getAll($statement);

		return $results;

	}//End getAll()
	
		function get(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT id, progchamp, proggoalsc, points, teamID, hasteam FROM userdata WHERE id = ".$_SESSION['user_id'];
		$results   = $this->db->getAll($statement);

		return $results;

	}//End getAll()

//
//	/***********************************
// 	 * GetObject:   Returns a specific record form the batabase.
// 	 * Parameters:  (Int) Primary Key Value
// 	 * Return:      (Array)String
// 	 ************************************/
//	function getObject($primaryKeyName, $primaryKeyValue){ 
//
//		//Custom SQL Injection Escaping HERE
//
//		$statement = "SELECT id, progchamp, proggoalsc, points, teamID, hasteam FROM userdata WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
//		$results   = $this->db->getAll($statement);
//
//		return $results;
//
//	}//End getObject()
	
	function updatePoints($id, $points){
		
		escape_string($id);
		escape_string($points);
		$statement = "UPDATE userdata SET points = '$points' WHERE id = ".$id;
//		echo $statement;
		$results   = $this->db->query($statement);
		if($results){
			return true;
		}else{
			return false;
		}
	}
	
	function getRanking(){
		$statement = "SELECT s.firstname, points, u.progchamp, u.proggoalsc, u.id FROM userdata u INNER JOIN users s ON u.id = s.id ORDER BY points DESC";
		$results   = $this->db->getAll($statement);
		return $results;
	}


}//End Class Userdata
?>